search

OfficeDev / microsoft-teams-apps-champion-management

Champion Management Platform is a custom Teams app that enables organizations to onboard and maintain champions/ SME in their organization in Teams.
MIT License
125 stars 48 forks source link

Copilot CoE API Permission #181

Closed jscaion closed 8 months ago

jscaion commented 9 months ago

We find that the API permissions for the champion management platform are too permissive :

Microsoft Graph, User.ReadWrite Microsoft Graph, Sites.Manage.All

Can you explain me why ? are there other possibilities ? Site.selected for example?

Let me know.

Regards.

v-saikirang commented 9 months ago

Hi @jscaion,

Microsoft Graph, Sites.Manage.All - This is for provisioning the site and supporting lists in sharepoint. We have already eliminated this in our next release. You can also remove this permission once you are done with app set up and after making sure the app is working fine. Microsoft Graph, User.ReadWrite - This is for updating the user's office 365 profile picture through Digital Badge feature.

Please let me know if you need more information. Thanks.

microsoft-github-policy-service[bot] commented 8 months ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.